CVE-2025-4649 in Web
Summary
by MITRE • 05/13/2025
Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
Analysis
by VulDB Data Team • 05/13/2025
CVE-2025-4649 is a critical improper privilege management flaw in the Centreon web application that enables unauthorized privilege escalation. It affects the access controls on the event logs page: the access control lists that should restrict this data by user role and permission are not enforced when the page is rendered, so users without the required privilege can view the complete set of system logs that should be visible only to administrative or other high-privilege users.
Technically, the authorization check that should gate the event logs display is ineffective: the application does not verify that the requesting user holds the elevated privileges the page requires before returning the data. The affected version ranges span several release branches, indicating that the flaw persisted across multiple major releases. Because the role-based restrictions are bypassed, users can read operational data that may reveal system configuration, user activity, and potentially sensitive business information.
The operational impact goes beyond unauthorized read access. Event logs typically contain information an attacker can use to identify system weaknesses, map network topologies, and discover potential attack vectors. Viewing all logs without an ACL check exposes system vulnerabilities, user behaviour, and operational patterns that are otherwise hidden from ordinary users, and that information can support more sophisticated follow-on attacks, including targeted exploitation of system weaknesses or social engineering based on the observed user and system patterns.
Organizations running affected Centreon versions face significant exposure, since the flaw undermines a fundamental control protecting sensitive operational data and contravenes established access control principles. Mitigation should start with immediate deployment of the fixed releases 24.10.4, 24.04.10, 23.10.21, and 23.04.26, followed by a review and test of existing access control configurations. Security teams should also add monitoring to detect unauthorized access attempts to privileged interfaces such as the event logs page and consider strengthening authentication and authorization mechanisms more generally. The issue maps to CWE-284 (Improper Access Control) and is a clear violation of the principle of least privilege that underpins secure system design; in ATT&CK terms it falls under privilege escalation techniques that abuse insecure permissions and access control mechanisms to gain elevated access.
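As an added illustration (not Centreon's own code) of the fail-open pattern the analysis describes beside its fail-closed counterpart, assuming a hypothetical User carrying a page privilege flag and a host-level ACL scope, and constructed sample log entries:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    is_admin: bool = False
    can_view_event_logs: bool = False       # hypothetical page/menu privilege
    acl_hosts: frozenset = frozenset()      # hypothetical resource ACL scope


@dataclass(frozen=True)
class LogEntry:
    host: str
    message: str


class AccessDenied(Exception):
    pass


# Constructed sample entries; not real Centreon data.
SAMPLE_LOGS = (
    LogEntry("db-01", "CRITICAL: /var 97% full"),
    LogEntry("web-02", "OK: HTTP 200"),
    LogEntry("vault-01", "WARNING: backup job failed"),
)


def event_logs_vulnerable(user, logs):
    """Fail-open rendering: neither the page privilege nor the resource ACL
    is consulted, so every entry is returned to any authenticated caller."""
    return list(logs)


def event_logs_hardened(user, logs):
    """Fail-closed rendering: deny unless the page privilege is held, then
    scope the output to the hosts the user's ACL covers (admins see all)."""
    if not (user.is_admin or user.can_view_event_logs):
        raise AccessDenied(f"{user.name}: event logs page requires privilege")
    if user.is_admin:
        return list(logs)
    return [e for e in logs if e.host in user.acl_hosts]


if __name__ == "__main__":
    ops = User("ops", can_view_event_logs=True, acl_hosts=frozenset({"web-02"}))
    print(len(event_logs_vulnerable(ops, SAMPLE_LOGS)), "entries leaked")
    print([e.host for e in event_logs_hardened(ops, SAMPLE_LOGS)])
```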